Tags: java, websphere, bouncycastle, tls1.2, java-6

Unable to use Bouncy Castle for TLSv1.2 in IBM Java 1.6.0_26


Our application is deployed in WebSphere (on Solaris OS), which uses IBM Java 1.6.0_26; this Java version does not support the TLSv1.2 protocol.

  1. I added the Bouncy Castle provider in my code; for that I added the bcprov-jdk15on-164 and bctls-jdk15on-164 jars in /opt/IBM/WebSphere/AppServer/java/jre/lib and /opt/IBM/WebSphere/AppServer/java/jre/lib/ext.
  2. I also tried adding the Bouncy Castle security providers in the java.security file at the top positions, like below:

    security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
    security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider

Note: the below code is working fine on my local machine with the Oracle Java 1.6.0_26 version but not working for the IBM 1.6.0_26 version.

Below is my code:

import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class TestClient {

    public static void main(String[] args) throws IOException {
        try {
            System.out.println("java version---" + System.getProperty("java.version"));
            System.out.println("java path---" + System.getProperty("java.home"));

            // Register the BC JCE provider at position 1 and the BC JSSE provider
            // at position 2, removing any previously registered copies first.
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
            Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
            Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);

            // Ask BCJSSE for a TLSv1.2 context. init(null, null, null) makes BCJSSE
            // look up the default KeyManagerFactory/TrustManagerFactory algorithms
            // (ssl.KeyManagerFactory.algorithm / ssl.TrustManagerFactory.algorithm).
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
            sslContext.init(null, null, null);
            // Note: sslContext is not attached to conn below, so the HttpsURLConnection
            // still uses the JRE's default SSLSocketFactory unless
            // conn.setSSLSocketFactory(sslContext.getSocketFactory()) is called.

            String https_url = "xxxxxxxxxxxxxxxx";
            String json = "xxxxxxxxxxxxxxxx";
            URL url = new URL(https_url);
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            conn.setConnectTimeout(5000);
            conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
            conn.setDoOutput(true);
            conn.setDoInput(true);
            conn.setRequestMethod("POST");

            // Send the JSON body; the TLS handshake happens on getOutputStream().
            OutputStream os = conn.getOutputStream();
            os.write(json.getBytes("UTF-8"));
            os.close();

            InputStream in = new BufferedInputStream(conn.getInputStream());
            String response = IOUtils.toString(in, "UTF-8");
            System.out.println("\nWebService Response:\n\n");
            System.out.println("\n\n" + response + "\n\n");
            in.close();
            conn.disconnect();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Output of above code:

-bash-3.2$ javac TestClient.java
-bash-3.2$ java TestClient
java version---1.6.0_26
java path---/opt/IBM/WebSphere/AppServer/java/jre
java.security.KeyManagementException: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
        at org.bouncycastle.jsse.provider.ProvSSLContextSpi.selectKeyManager(Unknown Source)
        at org.bouncycastle.jsse.provider.ProvSSLContextSpi.engineInit(Unknown Source)
        at javax.net.ssl.SSLContext.init(SSLContext.java:27)
        at Testtt.main(Testtt.java:40)
Caused by: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
        at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:16)
        ... 4 more
-bash-3.2$

Please help me solve this problem!

Edit 1: I added the below two lines in the code:

    Security.setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");
    Security.setProperty("ssl.TrustManagerFactory.algorithm", "PKIX");

But now the error is at the output stream:

java path---/opt/IBM/WebSphere/AppServer/java/jre
Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
WARNING: String security property [jdk.tls.disabledAlgorithms] defaulted to: SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
WARNING: String security property [jdk.certpath.disabledAlgorithms] defaulted to: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi getDefaultTrustStore
INFO: Initializing with trust store at path: /opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts
java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:168)
        at com.ibm.jsse2.a.a(a.java:148)
        at com.ibm.jsse2.a.a(a.java:96)
        at com.ibm.jsse2.tc.a(tc.java:302)
        at com.ibm.jsse2.tc.g(tc.java:208)
        at com.ibm.jsse2.tc.a(tc.java:482)
        at com.ibm.jsse2.tc.startHandshake(tc.java:597)
        at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:44)
        at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:36)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
        at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:66)
        at Testtt.main(Testtt.java:38)

Solution

  • BCJSSE should be used with its own KeyManagerFactory and TrustManagerFactory. It can be helpful to modify these options as follows in java.security:

    ssl.KeyManagerFactory.algorithm=PKIX
    ssl.TrustManagerFactory.algorithm=PKIX

    However, the stack trace you showed comes from some BC version before 1.61. You report trying to use 1.64, so you must have extra jars in your class path somewhere (e.g. sometimes application servers include BC jars). Please locate the extras and remove them, or you will likely run into all sorts of other problems.
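An added example (not code from the question or the answer) that applies the answer's advice from code: it pins the PKIX factory algorithms, builds the TLSv1.2 context from BCJSSE's own KeyManagerFactory and TrustManagerFactory, attaches it to the HttpsURLConnection (which the original code never did), and prints which jar each BC class was actually loaded from so a stale copy in jre/lib or jre/lib/ext shows up. The class name BcTlsCheck and the URL command-line argument are my own choices.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class BcTlsCheck {
    // Where a class was really loaded from: an old bcprov/bctls copy in
    // jre/lib or jre/lib/ext will show up here instead of the 1.64 jar.
    static String originOf(Class<?> c) {
        java.security.CodeSource cs = c.getProtectionDomain().getCodeSource();
        return cs == null ? "(bootstrap)" : cs.getLocation().toString();
    }

    static SSLContext buildBcTls12Context() throws Exception {
        // Same effect as the two java.security lines from the answer.
        Security.setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");
        Security.setProperty("ssl.TrustManagerFactory.algorithm", "PKIX");
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
        Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);

        // Take BCJSSE's own PKIX factories explicitly; a null KeyStore means
        // the JRE cacerts for trust and no client key for the key manager.
        String bcjsse = BouncyCastleJsseProvider.PROVIDER_NAME;
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", bcjsse);
        tmf.init((KeyStore) null);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX", bcjsse);
        kmf.init(null, null);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2", bcjsse);
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("bcprov from: " + originOf(BouncyCastleProvider.class));
        System.out.println("bctls  from: " + originOf(BouncyCastleJsseProvider.class));
        SSLContext ctx = buildBcTls12Context();
        System.out.println("context provider: " + ctx.getProvider().getInfo());
        if (args.length == 0) return;  // diagnostics only; pass a URL to connect
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());  // without this, IBM JSSE is used
        System.out.println("HTTP status: " + conn.getResponseCode());
    }
}
```

If the two "from:" lines point at different directories, or at a jar that is not the 1.64 one, that is the duplicate the answer tells you to remove.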